IT survey: 2 out of 3 IT pros put systems at risk of downtime
and security violations

Netwrix 2015 State of IT Changes Survey reveals that nearly 70% of organizations continue to make undocumented changes and only 50% audit their IT infrastructures

Irvine, CA, April 22, 2015

Netwrix Corporation, the #1 provider of change and configuration auditing software, today announced the results of its 2015 State of IT Changes Survey. The research of more than 700 IT professionals across over 40 industries found that 70% of companies forget about documenting changes, up from 57% last year. Most surprisingly, the number of large enterprises that make undocumented changes has increased by 20% to 66%.

Undocumented changes pose a hidden threat to business continuity and the integrity of sensitive data. The survey shows that 67% of companies suffer from service downtime due to unauthorized or incorrect changes to system configurations, while the worst offenders are again enterprises in 73% of cases.

Security-wise, the overwhelming majority of organizations claim to have never made a change that turned out to be the root cause of a breach. However, given that the majority of companies make undocumented changes and only half of them have auditing processes in place - instead relying on looking through native logs manually - their ability to prove the security of their systems is questionable. What seems to be true is that many organizations remain in the dark about what is going on across their IT infrastructures and are not able to detect a security violation until a data breach is officially revealed.

Despite the fact that companies still have shortcomings in their change management policies, the overall results of 2015 show a positive trend. More organizations have changed their approach to changes and have made some effort to establish auditing processes to achieve visibility into their IT infrastructures. The key survey findings show that of the respondents:

80% of organizations continue to claim they document changes; however, the number of companies that make undocumented changes has grown throughout the year and reached 70%. The frequency of those changes has also increased.

58% of small companies have started to track changes despite the lack of change management controls, against 30% last year.

Change auditing technology continues to capture the market, as 52% of organizations have established change auditing controls, compared to 38% last year. Today, 75% of enterprises (52% in 2014) have established change auditing processes to monitor their IT infrastructures.

Due to established change management controls, more thorough documentation and automated auditing processes, the number of enterprises who managed to find which changes were a root cause of security incidents has doubled since 2014, from 17% in 2014 to 33% in 2015.

"As with years past, errors made by internal staff, especially system administrators, who were the prime actors in over 60% of incidents, represent a significant volume of breaches and records," stated the Verizon 2015 Data Breach Investigations Report. "Understand where goofs, gaffes, fat fingers, etc., can affect sensitive data. Track how often incidents related to human error occur. Measure effectiveness of current and future controls, and establish an acceptable level of risk you are willing to live with, because human fallacy is with us to stay."

"Human factor is the key to informational security and its pain point at the same time," said Alex Vovk, CEO and co-founder of Netwrix. "No matter how advanced the security policy is, people still make mistakes and from time to time misbehave, putting overall system security and business continuity at risk. In this case automated auditing processes can help companies keep their IT systems under control and make sure that any deliberate or accidental changes will be detected and addressed properly to eliminate the risk of a data breach."

Meet the Netwrix team, and find out more about visibility into IT infrastructure during the RSA Conference at booth #2817, in San Francisco, April 20-24, 2015, and Microsoft Ignite Conference at booth #239, in Chicago, May 4-8, 2015.

About Netwrix Corporation

Netwrix Corporation, the #1 provider of change and configuration auditing solutions, delivers complete visibility into who did what, when and where across the entire IT infrastructure. This strengthens security, streamlines compliance and optimizes operations. Founded in 2006, Netwrix is named to the Inc. 5000 list and Deloitte Technology Fast 500. Netwrix software is used by 160,000 users worldwide. For more information, visit www.netwrix.com